I found myself needing this script for some nonsense reason involving tech-averse users and an intranet. I decided to document it below for posterity. It’s real dirty, so use at your own risk.

Credit to John Martin @ www.bigspring.co.uk for pointing me in the right direction.

<?php
/* take the following script and modify the 
connection details and query to suit your needs */

// function to generate salt
function genRandomPassword($length = 32)
{
    $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $len = strlen($salt);
    $makepass = '';
    mt_srand(10000000 * (double) microtime());
    for ($i = 0; $i < $length; $i ++) {
        
        $makepass .= $salt[mt_rand(0, $len -1)];
    
    }
    
    return $makepass;
}

// connection
// FILL IN YOUR DATABASE DETAILS HERE
$hostname = "yourhost";
$database = "db_name";
$username = "db_user";
$password = "db_pass";
$prefix = "jos_";

$site = mysql_pconnect($hostname, $username, $password) or trigger_error(mysql_error(),E_USER_ERROR); 
mysql_select_db($database, $site);

// run query
// QUERY TO RETURN USER IDS OF ALL 'registgered' usertypes (gid = 18)

$query = "SELECT * FROM ".$prefix."users WHERE gid <= '18'";

$result = mysql_query($query, $site) or die(mysql_error());
$row_result = mysql_fetch_assoc($result);
$num_rows = mysql_num_rows($result);
echo "You're resetting ". $num_rows ." passwords";

do {
    
    
    //generate salt
    $salt = genRandomPassword();

    // update 

    $query_update = "UPDATE ".$prefix."users SET password = '" . md5(stripslashes("NEW-PASSWORD").$salt) .':'.$salt . "' WHERE id = " . $row_result['id'];
    $update_result = mysql_query($query_update, $site) or die(mysql_error());
    echo $query_update."<br />";

    
} while ($row_result = mysql_fetch_assoc($result));


?>